Snapchat Spam Endangers Users

February 13th, 2014

Over the summer, Instagram users were warned about fruit spam, which consisted of images of fruit being uploaded to the social network that directed users to malicious websites. As Satnam Narang of Symantec reports, fruit spam has migrated to Snapchat, but still poses a danger to users.

The problem is not quite as simple as ignoring images sent using Snapchat that feature fruit or fruit-based drinks. This Snapchat spam acts similarly to many email spam problems in that it infects a user, then sends spam to all of their contacts. In the past, Snapchat spam originated from fake accounts and was much easier to spot. Now, a trusted contact may be the one spamming you.

The Snaps urge users to visit frootsnap.com or snapfroot.com for the recipes of the drinks being shown. Instead, users land on a page made to look like a GroupOn product page that offers free diet pills. Users that attempt to buy the pills are directed to yet another website, which has been associated with excessive and fraudulent charges.

Unfortunately, the root of the problem has yet to be uncovered. It does not appear that users who click on the spam images are infected themselves, which means there is some other method for accounts to be hacked and spam sent from them.

Snapchat has released a statement saying that increased security measures have been taken and advises that users change and improve the strength of their passwords. While changing passwords seems to stop the spam originating from an account, deleting the app from your device does not.

Often, these types of scams originate from a malware infection. If you have a device that’s been infected with malware, or is just acting strangely, come by Geek Rescue or call us at 918-369-4335.

Four Ways Your iPhone Is Vulnerable To Attack

February 13th, 2014

In Cisco’s Annual Security Report, they claim that 99 percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.

  • Apps

Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is that developers are allowed to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.

  • App Store

Legitimate apps often contain security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the App Store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the device.

  • Public Networks

Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.

  • Fake Certificates

This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.

Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.

If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.

Office 365 Now Uses Two-Factor Authentication

February 12th, 2014

Office 365 contains vital tools for businesses of any size. With so many companies relying on Microsoft’s applications, there’s a need for improved security to protect valuable data. As Alexandra Gheorghe reports for Hot For Security, Office 365 users will now be using two-factor authentication to keep the data used within applications safer.

Previously, data being stored in the cloud through Office 365 was protected only by a password, except for those users with administrative roles who have had access to two-factor authentication since June. Now, all users will be able to use the enhanced security.

Before they are able to log in, users will need to correctly enter their password, then use a separate, one-time code that’s sent to them via text message or app notification on their smartphone. Users also have the option of having Microsoft call their smartphone or office phone and simply hitting pound to authenticate. This will verify the device being used to access Office 365. To access your account from another device, the authentication process would have to be used again.

Two-factor authentication isn’t foolproof. Attacks that successfully compromised two-factor systems have already been observed in the wild. But, it’s considered much more secure than using a password alone. Since the aim is to protect data stored in the cloud, protecting it from remote access by unknown sources is important.

While two-factor authentication is not yet available for desktop applications, Microsoft is adding App Passwords to offer additional security for those users.

For help implementing Office 365 at your business, or for help improving your security infrastructure, call Geek Rescue at 918-369-4335.

How Expiring Support For Your Servers Affects You

February 11th, 2014

When buying new servers for your business, there are a number of factors to consider to ensure that you get exactly what you need. A new trend being adopted by IBM and HP could add some confusion and frustration to the process. As David King of IT Manager Daily reports, HP recently announced that firmware updates will only be available for its users who are under warranty or a support agreement. IBM has already made that change in policy.

This news means that in order to secure your servers, you’ll have to pay more than ever before. For small businesses that have already stretched their IT budget thin, this could be a real problem. To save yourself some trouble, and possibly some money, here’s what you need to consider before buying a server.

  • Terms of warranty

While IBM’s and HP’s service comes with an expiration date that requires you to pay more for continued support, other companies like Dell and Cisco have no such stipulations. That’s not to say that one company is a better option than another. Rather, the point is that a seemingly cheap server with a limited warranty may end up being more costly than a more expensive server with an unlimited service plan. Before making a purchase, the terms of service need to be among your first concerns.

  • Third-party providers

If you already have servers that will soon lose their support, or you decide that expiring support isn’t a deterrent for buying a server, there are options for when your warranty finally expires. Before you renew with the server’s manufacturer, check around with third-party support companies that may offer better service for less money. A local company may be able to offer support that’s more personalized to your specific needs, rather than the one-size-fits-all approach of the giants.

  • Resale value

In order to recoup some of the money spent on new servers, many companies plan to resell them when they’re no longer needed. The value of old servers could take a major hit if the manufacturer no longer covers them. This suggests that servers from manufacturers with unlimited service plans will enjoy a higher resale value than those with an expiring service plan. Keep that in mind when you’re purchasing a server if you plan to sell it later.

If you have questions about your server needs, want to explore other options for support or would like to store your company’s data on off-site servers you don’t have to manage yourself, call Geek Rescue at 918-369-4335.

Ransomware Poses A Threat To Businesses Of Every Size

February 11th, 2014

One of the biggest mistakes made in security by local businesses is a belief that they won’t be targeted in an attack because they have less to offer than larger enterprises. That mistake leads to weak security, which attracts attacks and leaves you susceptible to untargeted attacks. Take the latest news of a Cryptolocker victim for example. John E. Dunn of CIO reports that a local law firm in Charlotte recently lost critical data after Cryptolocker infected their network.

Cryptolocker found its way onto the law firm’s computers after an email and its malicious attachment were mistakenly opened. An employee believed the email was from the firm’s phone answering service. After that, Cryptolocker couldn’t be stopped from encrypting thousands of legal documents critical to the law firm’s operations.

The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend, but no time to waste is likely to pay the ransom associated with decrypting files.

In the case of the Charlotte law firm, their IT team first attempted to unlock the files and work around the malware. When their efforts were unsuccessful, the firm attempted to pay the $300 ransom, but they were informed that the deadline had passed and the files were permanently locked.

The law firm notes that had an attack stolen the important documents, rather than only encrypting them, the damage could’ve been much worse. Still, they lost access to every file stored on their main server, which prevents them from serving many of their clients.

For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.

Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business and statistically just as likely to strike small, local companies as they are large enterprises.

For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.

Flash Exploit Allows Malware To Steal Log-Ins

February 7th, 2014

Many internet users believe that the key to avoiding a malware infection is to only visit legitimate websites and never open suspicious-looking email or download attachments. While this is certainly going to keep users safe from a large amount of malware, it doesn’t keep them safe from all of it. This is evidenced by a recent exploit of a vulnerability in Adobe’s Flash player. As Lucian Constantin reports for PC World, this exploit infected victims with malware capable of stealing users’ log-in credentials for a variety of websites.

Security experts uncovered 11 exploit files targeting this vulnerability, which reveals that the same security flaw was being used by hackers in different ways. Some of the exploit files were designed to execute other files, one downloaded other malicious files and one was a trojan that steals log-in credentials saved in email and web browsers.

Experts found that each file was embedded within Microsoft Word .docx files and targeted Windows users specifically. Though one attack used malicious emails with a rigged .docx file as an attachment to infect users, most files were found in internet caches, suggesting they were downloaded from websites.

These files have already been used in attacks against real-world users, as evidenced by Adobe’s use of the phrase “in the wild” to describe them. Since the vulnerability is known in the hacking community, expect more attacks to be rolled out exploiting it.

To their credit, Adobe scrambled to release a patch that would eliminate the Flash security flaw. This is version 12.0.0.44 for Windows and Mac users. If you haven’t updated Flash on your machine yet, be sure to do that as soon as possible.

If your computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Google Releases Improved Hijacking Warning System For Chrome

February 6th, 2014

There are a number of ways for hackers to hijack your web browser. Usually, this stems from a user downloading a seemingly legitimate application like a game or security tool. Hidden as part of that download is malware that allows for browser hijacking. As Lisa Vaas of Naked Security reports, Google Chrome users now have a better warning system in place for any attempts to hijack the browser.

Since October, Chrome has featured a “reset browser settings” option. To find it, go to the Advanced Settings menu and scroll to the bottom. Pushing this button resets Chrome to all of the default settings it came with and removes all extensions and apps associated with your browser. It’s like starting over from scratch, which is useful if a malicious program has changed settings you aren’t aware of.

For the first few months of its existence, the ‘reset browser settings’ button was limited by its relatively hidden place within the settings menu. There was always the possibility that users may not know about that option, or that they won’t know their browser is being hijacked.

Now, Google has introduced a new warning system that causes a message to pop up on screen any time Chrome’s settings are changed without the user’s knowledge. Users are able to reset their settings directly from that warning pop-up.

For some users, resetting their browsers back to the factory default settings isn’t the best option, despite evidence of browser hijacking. Many have already asked Google to include an option to return to a previously saved state. This way, you wouldn’t need to completely re-customize Chrome. Some of your extensions and settings would stay intact, rather than resetting everything and making you alter every setting and add extensions again. There’s been no word yet if Google will make this possible in a later update.

Typically, browser hijacking is easy to spot. You’ll notice your homepage has been changed, or that ads are being injected into websites where they don’t belong. Some hijacking malware can’t be thwarted by a simple reset of browser settings, however. Depending on the type of infection you encounter, failure to find and completely remove the malware could result in repeated browser hijacking. In these cases, resetting your browser only fixes the problem temporarily.

If you believe your computer has been infected with malware, come see us at Geek Rescue or call us at 918-369-4335.

How To Quickly Spot Malicious Activity In Your Gmail Account

February 4th, 2014

Any time one of the giant email providers is hacked, it’s major news. A large scale attack affecting thousands to millions of users most recently hit Yahoo. Attacks on your email aren’t always part of a larger effort, however. Sometimes, your email is hacked because a device you use to access it is infected with malware, or because it shares a password with a less secure online account you use. Sometimes, there’s little you can do to avoid having your email’s security compromised. But, it’s important to be able to quickly recognize the warning signs of a hack so you can get to work resolving it. At Tech2, Nishtha Kanal explained a way to see who has been accessing your Gmail account recently.

To find out the last 10 devices that have accessed your Gmail account, you’ll first need to log in on a desktop browser. This won’t work on the Gmail app. Scroll all the way to the bottom of your inbox and locate a link called “Details” on the right side of the page. Clicking that link will open a pop-up detailing the recent activity on your account. You’ll be able to see what type of device has accessed your account, when it was accessed and where the IP address of the device is located.

Even if you don’t suspect any malicious activity on your Gmail account, it’s a good idea to regularly check this log. This way, you’re sure to catch any break-ins before they have an opportunity to do any real damage.

If you’re not a Gmail user, or you’d like some other ways to monitor your email account, there are other methods. Monitoring your ‘Sent’ folder helps you keep tabs on how your account is being used. Many times, hackers will use your email to spam all of your contacts. These messages don’t always show up in the ‘Sent’ folder, but if any messages do show up there that you aren’t familiar with, you’ll know someone else has access to your account.

If you find your email has been hacked, there’s a good chance your computer is also infected with malware. Bring your infected devices to Geek Rescue, or give us a call at 918-369-4335.

Improve Security In Firefox With These Tips

February 3rd, 2014

More than a quarter of all internet users have Mozilla Firefox set as their primary web browser. Just like any other browser, however, there are some security concerns you need to understand. Andy O’Donnell at About recently published a few ways you can enhance the security in Firefox for a safer browsing experience.

  • Do Not Track

Most websites you visit track the actions you take while on their site and even after you leave. Usually, this isn’t connected to anything malicious. Instead, this data is used for marketing to offer you a more personalized experience. Many users would prefer not to be tracked for any reason, however, and Firefox has a handy tool for that. To enable ‘Do Not Track’, go to ‘Preferences’, choose ‘Privacy’ and check the box next to “Tell websites that I don’t want to be tracked.” This doesn’t guarantee that websites will never track you, but most legitimate websites obey your wishes.

  • Phishing and Malware protection

It’s easy to lose yourself while surfing the internet and wind up on a less than reputable website. You may not even know a website is malicious at the time, but there are many designed specifically to infect your computer with malware or steal your information. You can provide better protection against malware and phishing by enabling a couple of options in Firefox. From the ‘Preferences’ menu, click ‘Security’ and check “Block reported attack sites” and “Block reported web forgeries”. This checks each site you visit against a constantly updated list of known malicious sites. If you attempt to visit a site on the list, you’ll be blocked and kept safe.

  • Script protection

There are a number of attacks that use scripts on websites. There are also plenty of legitimate uses for scripts that developers use to enhance their sites. So, blocking them completely will limit how well legitimate sites you visit are able to function. Not blocking them at all leaves you open to many common attacks. The best option is to use an add-on that blocks scripts on untrusted sites. There are many to choose from. To find them, go to Mozilla’s Add-on site and search “noscript”. Click the “Add to Firefox” button next to the add-on you wish to use and follow the on-screen instructions. The default for each site will be to block scripts, but when you visit a trusted site, you can choose to allow them so the website will work properly.

  • Pop-up blocker

Pop-up blockers have become so widely used that almost no one even tries to use pop-ups anymore. But, there are still some annoyances online if you don’t have a pop-up blocker in place. To enable it in Firefox, go to ‘Preferences’, choose ‘Content’ and check the “block pop-up windows” box. If you run into a site that needs pop-ups allowed to function properly, you can always add it as an exception.

Regardless of which web browser you typically use, you need to know tips like these to make it as secure as possible. Additionally, it’s important to have other security tools in place, like an updated antivirus program.

If your computer or any other device has suffered an attack or malware infection, call Geek Rescue at 918-369-4335.

New Malware For Android Already Infected More Than 350-Thousand

January 31st, 2014

Even though 2014 is only a month old, it’s already become clear that this year will feature many large scale malware attacks on smartphones and mobile devices. Mobile security has been a focus for many this year because of the growing number of attacks being seen and the malware being produced specifically for the mobile audience. At SC Magazine, Adam Greenberg reports on the latest mobile malware threat that has already infected more than 350-thousand devices.

The malware targets Android devices and has been spotted in China, Spain, Brazil, Germany and the United States. Known as Android.Oldboot.1.origin, the malware operates as a bootkit and is difficult to remove.

The malware is designed to download and install new applications to your device, or even remove existing applications. This allows for additional malicious applications to be added and security apps to be removed.

The particularly noteworthy characteristic of this malware is how resilient it is. During the initial infection, the malware, which is categorized as a trojan, is extracted when the device is turned on. This makes it more difficult to detect than other malware that attempt extraction while the device is in operation. That also allows it to continue to infect a device even when most traces of the trojan have been removed. As long as part of the malware remains in the device’s memory, it is reinstalled and extracted every time the device is rebooted.

This particular threat seems to follow a more complicated infection method that involves reflashing a device with new firmware. Staying safe from most mobile malware, however, stems from being extremely cautious of what you download to your device and what links you follow.

If any of your devices are suffering from a malware infection, come by Geek Rescue or call us at 918-369-4335.